4 tips for securing voter data

INDUSTRY INSIGHT

4 tips for securing voter data

From the hack of the  Democratic National Committee in June to recent criticism about data collected by candidates’ campaign apps, it can feel like data security is the frontrunner in this year’s U.S. presidential election.  

Whether government agencies are more prone to data breaches than private companies or whether the public is more likely to hear about security incidents affecting a state or federal organization, IT staff are responsible for containing such incidents and protecting the sensitive data involved. To meet this challenge, government IT staff can improve security for their agencies and their constituents -- and help avoid being the next cautionary tale making front page news -- by following these four tips.

1. Don’t collect data in the dark. During election seasons and off years alike, political campaigns and party staffers collect quite a bit of data from their potential voters. Not all of this information is necessarily sensitive on its own, but campaigns, also store their constituents’ and potential supporters’ contact information, voter registration history, financial data from previous donations and more. If this personally identifiable information is informed with contextual clues, such as responses to a survey about stances on political issues or household income, it creates a comprehensive snapshot of that individual and becomes highly sensitive.

Treat all data relating to voters and individuals carefully, and frequently audit stored information to ensure such data remains protected. Doing so can prevent attackers from uncovering connections between datasets and, in turn, protect the agency and the citizens it serves.

2. Monitor third-party sensitive data access. Some of the most high-profile data security incidents, such as Target’s $39 million data breach, resulted from a third-party compromising an organization’s internal data. As political organizations amass databases of voter information, they often use software-as-a-service and open source data aggregation solutions that can pose the same risk as a contractor or vendor with temporary access to an internal server. Rather than leaving voter security in the hands of third-party services, government IT staffers must be sure they’re restricting access to highly sensitive information -- including contextual clues about voter profiles.

3. Establish (and follow) data disposal protocols. Voters know the data they share with government organizations doesn’t disappear after an election season ends. However, as an IT pro supporting a government agency, it’s critical to establish, communicate and follow safe data storage, transfer and disposal procedures to reduce ongoing risks of exposure. If left unmanaged, sensitive information can be misplaced among the hordes of dark, or unorganized, data that accumulates in any organization. 

4. As a voter, act on your concerns. While government IT workers have a critical role in protecting sensitive data in their organizations, as registered voters, they can support increased data security in state and federal agencies. Voters can avoid sharing certain personal details with political campaigns if they feel it’s irrelevant or risky, and constituents can write to their representatives to inquire how their data is being collected, managed and used. By expressing a personal interest in how sensitive data being handled and eventually destroyed, every citizen can help pave the way for higher data security standards in government.

About the Author

Andrew Hay is chief information security officer at DataGravity.

inside gcn

  • federal blockchain

    How blockchain can transform the public sector

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group